CN110278207B - Click hijacking vulnerability detection method and device and computer equipment - Google Patents


Info

Publication number: CN110278207B
Authority: CN (China)
Prior art keywords: page, detected, response message, http, http response
Legal status: Active
Application number: CN201910540302.0A
Other languages: Chinese (zh)
Other versions: CN110278207A
Inventor: 张何钫
Current assignee: WeBank Co Ltd
Original assignee: WeBank Co Ltd
Events: application filed by WeBank Co Ltd; priority to CN201910540302.0A; publication of CN110278207A; priority to PCT/CN2020/085723 (WO2020253351A1); application granted; publication of CN110278207B; current legal status active.

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                • H04L63/1433 Vulnerability analysis
                • H04L63/1441 Countermeasures against malicious traffic
                    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
                • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]


Abstract

The invention discloses a click hijacking (clickjacking) vulnerability detection method, a device and computer equipment. The method comprises the following steps: acquiring the Uniform Resource Locator (URL) of a page to be detected, and determining according to the URL whether to execute a simulated click operation on the page to be detected; if it is determined that the simulated click operation is to be executed on the page to be detected, acquiring the hypertext transfer protocol (HTTP) response message returned for the simulated click operation; and determining whether the page to be detected has a click hijacking vulnerability according to at least one result in the HTTP response message, where the at least one result comprises whether the HTTP response message contains the page nesting attribute of the content security policy (CSP), or whether the HTTP response message contains a preset anti-hijacking code for preventing the page to be detected from being loaded in an iframe page.

Description

Click hijacking vulnerability detection method and device and computer equipment
Technical Field
The invention relates to the field of financial technology (Fintech) and the field of information security, in particular to a click hijack vulnerability detection method, a click hijack vulnerability detection device and computer equipment.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence, etc.) are applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). In the field of financial technology, information security is of great importance. Click hijacking (clickjacking) is a visual deception technique: an attacker covers a web page with a transparent, invisible inline frame (iframe) and then induces the user to operate on the visible web page; simply by adjusting the position of the iframe page, the user can be induced to click functional buttons and perform operations on the iframe page. Some web pages therefore have clickjacking vulnerabilities, and these vulnerabilities need to be detected.
At present, one way of detecting clickjacking vulnerabilities is to test a web page manually: a tester clicks around the web page by hand and checks whether any functional buttons of an iframe page get clicked, in order to determine whether the page has a clickjacking vulnerability. However, in manual detection it is difficult to distinguish whether a click landed on a functional button of the iframe page or of the page to be detected, so missed reports or false reports are easily produced when detecting clickjacking vulnerabilities in the prior art, and the detection accuracy is low.
Disclosure of Invention
The embodiment of the application provides a click hijacking vulnerability detection method, a click hijacking vulnerability detection device and computer equipment, and solves the problems that in the prior art, missing reports or false reports are easy to occur when a click hijacking vulnerability is detected, and the detection accuracy is low.
In a first aspect, an embodiment of the present application provides a click hijacking vulnerability detection method: acquiring the Uniform Resource Locator (URL) of a page to be detected, and determining according to the URL whether to execute a simulated click operation on the page to be detected; if it is determined that the simulated click operation is to be executed on the page to be detected, acquiring the hypertext transfer protocol (HTTP) response message returned for the simulated click operation; and determining whether the page to be detected has a click hijacking vulnerability according to at least one result in the HTTP response message, where the at least one result includes whether the HTTP response message contains the page nesting attribute of the content security policy (CSP), or whether the HTTP response message contains a preset anti-hijacking code for preventing the page to be detected from being loaded in an iframe page.
The method first obtains the Uniform Resource Locator (URL) of the page to be detected and determines according to the URL whether to execute the simulated click operation on the page to be detected; if it is determined that the simulated click operation is to be executed, it obtains the HTTP response message and determines whether a click hijacking vulnerability exists according to at least one result in the HTTP response message. Filtering by URL thus reduces a portion of the missed reports of click hijacking vulnerabilities. In addition, when the simulated click operation is performed on the page to be detected, whether the page has a click hijacking vulnerability is determined from at least one result of that operation: the page nesting attribute of the CSP indicates whether the page to be detected can be nested by an iframe page, and this is combined with the preset anti-hijacking code used to prevent the page to be detected from being loaded in an inline frame (iframe) page, so that whether the page has a click hijacking vulnerability is considered comprehensively and the detection accuracy is improved.
In an optional implementation, the HTTP response message includes an HTTP resource part, and whether the HTTP response message contains the preset anti-hijacking code is determined as follows: the HTTP resource part is matched against a preset regular expression, and whether the HTTP response message contains the preset anti-hijacking code is determined according to the result of the regular-expression match.
In this method, whether the HTTP response message contains the preset anti-hijacking code is determined by the result of matching the HTTP resource part against the preset regular expression; because regular expressions are logically expressive and flexible, the presence of the preset anti-hijacking code can be checked accurately.
In an optional implementation, if it is determined that the simulated click operation is to be performed on the page to be detected, acquiring the hypertext transfer protocol (HTTP) response message returned for the simulated click operation includes: if the HTTP request corresponding to the simulated click operation is a request that changes the background data of the page to be detected and the HTTP request contains login state information, acquiring the HTTP response message returned for the simulated click operation.
In this method, when the HTTP request is a request that changes the background data of the page to be detected and contains login state information, the HTTP request satisfies the precondition for a click hijacking vulnerability, so the HTTP response message is obtained under that condition.
In an optional implementation, determining according to the URL whether to perform the simulated click operation on the page to be detected includes: determining whether the URL is in a preset URL white list, and if not, executing the simulated click operation on the page to be detected.
According to the method, a part of URLs are filtered in advance by presetting the URL white list, so that false alarm is prevented to a certain extent, and the accuracy rate of detecting the click hijack vulnerability is improved.
In an alternative embodiment, the at least one result further comprises: whether the HTTP response message comprises page nesting header information or not.
According to the method, another result of detecting the click hijack vulnerability is expanded, the page nesting header information represents the page nesting attribute of the page to be detected, and the accuracy of detecting the click hijack vulnerability is further improved.
In a second aspect, the present application provides a click hijacking vulnerability detection apparatus, including: an acquisition module configured to acquire the Uniform Resource Locator (URL) of a page to be detected and determine according to the URL whether to execute a simulated click operation on the page to be detected; and a processing module configured to acquire the hypertext transfer protocol (HTTP) response message returned for the simulated click operation if it is determined that the simulated click operation is to be executed on the page to be detected, and to determine whether the page to be detected has a click hijacking vulnerability according to at least one result in the HTTP response message, where the at least one result includes whether the HTTP response message contains the page nesting attribute of the content security policy (CSP), or whether the HTTP response message contains a preset anti-hijacking code for preventing the page to be detected from being loaded in an iframe page.
In an optional implementation, the HTTP response message includes an HTTP resource part, and the processing module is specifically configured to determine whether the HTTP response message contains the preset anti-hijacking code as follows: match the HTTP resource part against a preset regular expression, and determine whether the HTTP response message contains the preset anti-hijacking code according to the result of the regular-expression match.
In an optional implementation, the processing module is specifically configured to: if the HTTP request corresponding to the simulated click operation is a request that changes the background data of the page to be detected and the HTTP request contains login state information, acquire the HTTP response message returned for the simulated click operation.
In an optional implementation, the processing module is specifically configured to: determine whether the URL is in a preset URL white list, and if not, execute the simulated click operation on the page to be detected.
In an alternative embodiment, the at least one result further comprises whether the HTTP response message contains page nesting header information.
For the advantageous effects of the second aspect and the embodiments of the second aspect, reference may be made to the advantageous effects of the first aspect and the embodiments of the first aspect, which are not described herein again.
In a third aspect, an embodiment of the present application provides a computer device, which includes a program or an instruction, and when the program or the instruction is executed, the program or the instruction is used to execute the method of the first aspect and the embodiments of the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium, which includes a program or instructions, and when the program or instructions are executed, the program or instructions are configured to perform the method of the first aspect and the embodiments of the first aspect.
Drawings
Fig. 1 is a schematic flow chart illustrating steps of a click hijacking vulnerability detection method according to an embodiment of the present application;
fig. 2 is a schematic diagram of a preset anti-hijack code of a click hijack vulnerability detection method according to an embodiment of the present application;
fig. 3 is a schematic flowchart illustrating specific steps of a method for detecting a click hijacking vulnerability according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a click hijacking vulnerability detection apparatus according to an embodiment of the present application.
Detailed Description
In order to better understand the technical solutions, the technical solutions will be described in detail below with reference to the drawings and the specific embodiments of the specification, and it should be understood that the specific features in the embodiments and examples of the present application are detailed descriptions of the technical solutions of the present application, but not limitations of the technical solutions of the present application, and the technical features in the embodiments and examples of the present application may be combined with each other without conflict.
In the field of financial technology (Fintech), the importance of information security is self-evident. In the course of financial transactions, some web pages have clickjacking vulnerabilities, and these need to be detected. At present, one way of detecting clickjacking vulnerabilities is to test a web page manually: a tester clicks around the web page by hand and checks whether any functional buttons of an iframe page get clicked, in order to determine whether the page has a clickjacking vulnerability. However, in manual detection it is difficult to distinguish whether the user clicked a functional button of the iframe page or of the page to be detected, so missed or false alarms are likely and the detection accuracy is low.
Therefore, an embodiment of the present application provides a method for detecting a click hijacking vulnerability, and fig. 1 is a schematic flow chart illustrating steps of the method for detecting a click hijacking vulnerability provided in the embodiment of the present application.
Step 101: the method comprises the steps of obtaining a Uniform Resource Locator (URL) of a page to be detected, and determining whether to execute simulated click operation on the page to be detected according to the URL.
It should be noted that the browser used for the page to be detected is not limited. For example, a headless browser may be used: a headless browser is a web browser without a graphical user interface (GUI) that is generally controlled through a programming or command-line interface. The headless browser may be Chrome Headless; one of the many uses of Chrome Headless is automated usability testing, or testing browser interaction, and Chrome Headless can be invoked to simulate click operations and the like.
Step 102: and if the simulated click operation is determined to be executed on the page to be detected, acquiring a hypertext transfer protocol (HTTP) response message returned based on the simulated click operation.
Step 103: and determining whether the page to be detected has a click hijack vulnerability or not according to at least one result in the HTTP response message.
In step 101, the specific implementation of determining whether to execute the simulated click operation on the page to be detected according to the URL may be:
Determine whether the URL is in the preset URL white list, and if not, execute the simulated click operation on the page to be detected.
For example, the preset URL white list includes URL1, URL2 and URL3, and URL4 of page A to be detected is not in the preset URL white list, so the simulated click operation is executed on page A.
According to the method, a part of URLs are filtered in advance by presetting the URL white list, so that false alarm is prevented to a certain extent, and the accuracy rate of detecting the click hijacking loophole is improved.
In step 102, if it is determined that the simulated click operation is to be performed on the page to be detected, an optional way of obtaining the hypertext transfer protocol (HTTP) response message returned for the simulated click operation is as follows:
If the HTTP request corresponding to the simulated click operation is a request that changes the background data of the page to be detected and the HTTP request contains login state information, acquire the HTTP response message returned for the simulated click operation.
It should be noted that some relevant configuration information of the page to be detected is stored in the background server as background data, and the HTTP request in question is a request that changes this background data of the page to be detected.
In this method, when the HTTP request is a request that changes the background data of the page to be detected and contains login state information, the HTTP request satisfies the precondition for a click hijacking vulnerability, so the HTTP response message is obtained under that condition.
In step 103, the at least one result includes whether the HTTP response packet contains a page nesting attribute of the content security policy CSP, or whether the HTTP response packet contains a preset anti-hijack code for prohibiting the page to be detected from loading the iframe page.
For example, fig. 2 is a schematic diagram of the preset anti-hijacking code of the click hijacking vulnerability detection method provided in the embodiment of the present application. The code shown in fig. 2 performs the following steps at runtime:
Firstly, the display of the body part of the page to be detected is set to the Cascading Style Sheets (CSS) style none.
display is a CSS property; assigning different values to display selects different CSS styles. When display is set to none, the body part of the page to be detected is hidden in the browser and cannot be clicked or operated. According to the order in which the browser renders the code, the code in the style tag that hides the body takes effect first (style being one attribute of the page to be detected).
Secondly, when the browser renders the JavaScript (js) code part at the end, the js code in the script tag takes effect and checks whether the page is nested.
It should be noted that js is JavaScript, an interpreted scripting language.
Thirdly, if top and self are equal, the page is not nested, and the display: none CSS style originally set on the body part is removed.
Here top is a variable provided by the browser representing the outermost window object, and self is the current window object.
Fourthly, if top and self are not equal, self.location is assigned to top.location, so that the js code navigates the outermost window to the page to be detected itself, and nesting is prevented.
Here top.location is the location of the outermost window object and self.location is the location of the current window object.
The HTTP response message includes an HTTP resource part, and whether the HTTP response message contains the preset anti-hijacking code is determined as follows: the HTTP resource part is matched against a preset regular expression, and whether the HTTP response message contains the preset anti-hijacking code is determined according to the result of the regular-expression match.
In this method, whether the HTTP response message contains the preset anti-hijacking code is determined by the result of matching the HTTP resource part against the preset regular expression; because regular expressions are logically expressive and flexible, the presence of the preset anti-hijacking code can be checked accurately.
In addition, the HTTP response message includes HTTP headers, and whether the page nesting attribute of the content security policy (CSP) is contained can be determined by string matching.
It should be noted that different values of the CSP page nesting attribute represent different nesting properties, for example: (1) CSP: frame-ancestors 'none' indicates that the page cannot be nested; (2) CSP: frame-ancestors 'self' indicates that the page can only be nested by the site itself; (3) CSP: frame-ancestors 'self' somesite.com indicates that the page may be nested by the site itself and by somesite.com, where the listed source may carry the protocol, domain name and port of the nesting site.
It should be noted that the at least one result may further include whether the HTTP response message contains page nesting header information. This adds another result for detecting the click hijacking vulnerability: the page nesting header information represents the page nesting attribute of the page to be detected, which further improves the detection accuracy, and whether the page nesting header information is contained can be determined by string matching. For example, the page nesting header information may be the X-Frame-Options header.
Specifically, the different values of X-Frame-Options have the following meanings: X-Frame-Options: DENY, nesting is not allowed; X-Frame-Options: SAMEORIGIN, the page can be nested by same-origin sites; X-Frame-Options: ALLOW-FROM uri, the pages that may nest it are specified. Since the X-Frame-Options page nesting header is not supported by some browsers at present, in some cases the click hijacking vulnerability needs to be determined in combination with the page nesting attribute of the CSP.
Through steps 101 to 103, the method first obtains the Uniform Resource Locator (URL) of the page to be detected and determines according to the URL whether to execute the simulated click operation on the page to be detected; if it is determined that the simulated click operation is to be executed, it obtains the HTTP response message and determines whether a click hijacking vulnerability exists according to at least one result in the HTTP response message. Filtering by URL thus reduces a portion of the missed reports of click hijacking vulnerabilities. In addition, when the simulated click operation is performed on the page to be detected, whether the page has a click hijacking vulnerability is determined from at least one result of that operation: the page nesting attribute of the CSP indicates whether the page to be detected can be nested by an iframe page, and this is combined with the preset anti-hijacking code used to prevent the page to be detected from being loaded in an inline frame (iframe) page, so that whether the page has a click hijacking vulnerability is considered comprehensively and the detection accuracy is improved.
Referring to fig. 3, the method for detecting a click hijacking vulnerability provided in an embodiment of the present application is described in detail; fig. 3 is a flowchart of the specific steps of the method.
Step 301: acquire the URL of the page to be detected.
Step 302: determine whether the URL of the page to be detected is in the preset white list.
If yes, go to step 310; otherwise, go to step 303.
Step 303: perform the simulated click operation and trigger the HTTP request.
For example, the JavaScript of Chrome Headless is called to perform the simulated click operation.
Step 304: determine whether the HTTP request meets the preset condition: the HTTP request is a request for updating the background data of the page to be detected, and it contains login state information.
If yes, go to step 305; otherwise, go to step 310.
Step 305: acquire the HTTP response message.
The HTTP response message is the response to the HTTP request of the page to be detected.
After step 305 is executed, at least one of steps 306 to 308 is executed.
Step 306: determine whether the HTTP response message contains page nesting header information.
Step 307: determine whether the HTTP response message contains the page nesting attribute of the CSP.
Step 308: determine whether the HTTP response message contains the preset anti-hijacking code.
It should be noted that whichever of steps 306 to 308 are executed may be executed at the same time; steps 306 to 308 do not depend on one another.
If the determination result of any executed step among steps 306 to 308 is yes, go to step 310; otherwise, go to step 309.
Step 309: determine that the page to be detected has a click hijacking vulnerability.
Step 310: determine that the page to be detected has no click hijacking vulnerability.
Whether the page to be detected has a click hijacking vulnerability is thus determined according to at least one result in the HTTP response message, where the at least one result includes whether the HTTP response message contains the page nesting attribute of the content security policy (CSP), or whether the HTTP response message contains the preset anti-hijacking code for preventing the page to be detected from being loaded in an iframe page.
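The decision logic of steps 301 to 310, as an added Python example that is not code from the patent: it assumes the headless-browser step has already captured the triggering request and its response as plain data; the regular expression for the fig. 2 anti-hijacking code, the login-state convention and the sample exchanges are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
# Constructed regex for the fig. 2 frame-busting pattern: a style rule that hides
# <body>, a top/self comparison, and a top.location = self.location redirect.
ANTI_HIJACK_RE = re.compile(
    r"body\s*\{[^}]*display\s*:\s*none[^}]*\}"              # body hidden via CSS
    r".*?(?:self\s*[!=]==?\s*top|top\s*[!=]==?\s*self)"      # top/self comparison
    r".*?top\.location\s*=\s*self\.location",                # break out of the frame
    re.IGNORECASE | re.DOTALL,
)

@dataclass
class Exchange:
    """One simulated-click HTTP exchange as captured from the headless browser."""
    url: str
    method: str
    request_cookies: Dict[str, str]
    response_headers: Dict[str, str]
    response_body: str

def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None

def has_nesting_header(headers: Dict[str, str]) -> bool:
    """Step 306: X-Frame-Options DENY, SAMEORIGIN or ALLOW-FROM restricts nesting."""
    value = _header(headers, "X-Frame-Options")
    if value is None:
        return False
    value = value.strip().upper()
    return value in ("DENY", "SAMEORIGIN") or value.startswith("ALLOW-FROM ")

def has_csp_nesting_attribute(headers: Dict[str, str]) -> bool:
    """Step 307: the CSP page-nesting attribute is the frame-ancestors directive."""
    value = _header(headers, "Content-Security-Policy")
    if value is None:
        return False
    return any(d.strip().lower().startswith("frame-ancestors ") for d in value.split(";"))

def has_anti_hijack_code(body: str) -> bool:
    """Step 308: regular-expression match over the HTTP resource part."""
    return ANTI_HIJACK_RE.search(body) is not None

def request_meets_condition(ex: Exchange) -> bool:
    """Step 304: the request changes background data and carries login state."""
    changes_data = ex.method.upper() in ("POST", "PUT", "PATCH", "DELETE")
    # Constructed convention: a cookie named like a session token counts as login state.
    logged_in = any(re.search(r"sess|token|login", n, re.I) for n in ex.request_cookies)
    return changes_data and logged_in

def detect(ex: Exchange, whitelist: set) -> Tuple[bool, str]:
    """Steps 302-310: returns (vulnerable, reason); False is the step 310 outcome."""
    if ex.url in whitelist:                              # step 302 -> 310
        return False, "URL in preset white list"
    if not request_meets_condition(ex):                  # step 304 -> 310
        return False, "request does not meet preset condition"
    if has_nesting_header(ex.response_headers):          # step 306 -> 310
        return False, "X-Frame-Options present"
    if has_csp_nesting_attribute(ex.response_headers):   # step 307 -> 310
        return False, "CSP frame-ancestors present"
    if has_anti_hijack_code(ex.response_body):           # step 308 -> 310
        return False, "anti-hijack code present"
    return True, "no nesting protection found"           # step 309

# Constructed samples; URL1..URL3 form the preset white list as in the text above.
WHITELIST = {f"https://example.test/URL{i}" for i in (1, 2, 3)}
FRAME_BUSTER = """<html><head>
<style id="antiClickjack">body{display:none !important;}</style>
<script>
if (self === top) {
  var s = document.getElementById("antiClickjack");
  s.parentNode.removeChild(s);
} else {
  top.location = self.location;
}
</script></head><body><button>Transfer</button></body></html>"""
PLAIN = "<html><body><button>Transfer</button></body></html>"
SESSION = {"SESSIONID": "constructed-value"}
TARGET = "https://example.test/URL4"
SAMPLES = {
    "whitelisted": Exchange("https://example.test/URL1", "POST", SESSION, {}, PLAIN),
    "get_only": Exchange(TARGET, "GET", SESSION, {}, PLAIN),
    "xfo": Exchange(TARGET, "POST", SESSION, {"x-frame-options": "SAMEORIGIN"}, PLAIN),
    "csp": Exchange(TARGET, "POST", SESSION,
                    {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}, PLAIN),
    "frame_buster": Exchange(TARGET, "POST", SESSION, {}, FRAME_BUSTER),
    "vulnerable": Exchange(TARGET, "POST", SESSION, {"Content-Security-Policy": "default-src 'self'"}, PLAIN),
}
def run_samples() -> Dict[str, Tuple[bool, str]]:
    """Applies the decision logic to every constructed sample."""
    return {name: detect(ex, WHITELIST) for name, ex in SAMPLES.items()}

if __name__ == "__main__":
    for name, (vulnerable, reason) in run_samples().items():
        print(f"{name:13s} vulnerable={vulnerable!s:5s} ({reason})")
```

The regular expression only recognises this particular shape of frame-busting code, so a page protected by a differently written script is reported as vulnerable by the body check alone; the header checks are the more dependable signal.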
Comparing the prior art and the method in the present application, the results of the tests performed on the home pages of 200 domain names are shown in Table 1:

Table 1

Method            Total tested   Number detected   Missed reports   False alarms
Prior art         200            115               12               33
This application  200            91                7                4
The method improves accuracy considerably and greatly reduces the false alarm rate; the missed and false report situation can be further improved by configuring the black and white list, and the manual review time of security personnel is shortened.
Fig. 4 is a schematic structural diagram of a click hijacking vulnerability detection apparatus according to an embodiment of the present disclosure.
The application provides a click hijack vulnerability detection device, include: the acquisition module 401 is configured to acquire a uniform resource locator URL of a page to be detected, and determine whether to execute a click simulation operation on the page to be detected according to the URL; a processing module 402, configured to obtain a hypertext transfer protocol HTTP response packet returned based on the simulated click operation if it is determined that the simulated click operation is performed on the page to be detected; determining whether the page to be detected has a click hijack vulnerability or not according to at least one result in the HTTP response message; the at least one result includes whether the HTTP response message contains a page nesting attribute of the content security policy CSP or not, or whether the HTTP response message contains a preset anti-hijack code for prohibiting the page to be detected from loading the iframe page.
In an optional implementation, the HTTP response message includes an HTTP resource part, and the processing module 402 is specifically configured to determine whether the HTTP response message contains the preset anti-hijacking code as follows: match the HTTP resource part against the preset regular expression, and determine whether the HTTP response message contains the preset anti-hijacking code according to the result of the regular-expression match.
In an optional implementation, the processing module 402 is specifically configured to: if the HTTP request corresponding to the simulated click operation is a request that changes the background data of the page to be detected and the HTTP request contains login state information, acquire the HTTP response message returned for the simulated click operation.
In an optional implementation, the processing module 402 is specifically configured to: determine whether the URL is in the preset URL white list, and if not, execute the simulated click operation on the page to be detected.
In an alternative embodiment, the at least one result further comprises: whether the HTTP response message comprises page nesting header information or not.
For the beneficial effects of the apparatus embodiments, reference may be made to the beneficial effects of the click hijacking vulnerability detection method provided by the present application, which are not described again here.
An embodiment of the present application provides computer equipment comprising a program or instructions which, when executed, perform the click hijacking vulnerability detection method and the methods of the respective embodiments.
An embodiment of the present application provides a storage medium comprising a program or instructions which, when executed, perform the click hijacking vulnerability detection method and the methods of the respective embodiments provided by the present application.
Finally, it should be noted that: as will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (12)

1. A click hijacking vulnerability detection method, characterized by comprising the following steps:
acquiring a Uniform Resource Locator (URL) of a page to be detected, and determining from the URL whether to execute a simulated click operation on the page to be detected;
if it is determined that the simulated click operation is to be executed on the page to be detected, acquiring a hypertext transfer protocol (HTTP) response message returned in response to the simulated click operation;
determining whether the page to be detected has a click hijacking vulnerability according to at least one result obtained from the HTTP response message, the at least one result comprising whether the HTTP response message contains a page nesting attribute of a content security policy (CSP), or whether the HTTP response message contains preset anti-hijack code that prohibits the page to be detected from being loaded in an iframe;
wherein the value of the page nesting attribute of the CSP indicates one of the following: that the page to be detected cannot be nested; that the page to be detected can be nested only by its own site; or the sites by which the page to be detected may be nested.
2. The method of claim 1, wherein the HTTP response message includes an HTTP resource portion, and determining whether the HTTP response message contains the preset anti-hijack code is performed by:
matching the HTTP resource portion against a preset regular expression, and determining from the result of the matching whether the HTTP response message contains the preset anti-hijack code.
3. The method of claim 1, wherein, if it is determined that the simulated click operation is to be executed on the page to be detected, acquiring the hypertext transfer protocol (HTTP) response message returned in response to the simulated click operation comprises:
if the HTTP request corresponding to the simulated click operation is a request that changes back-end data of the page to be detected and the HTTP request contains login state information, acquiring the HTTP response message returned in response to the simulated click operation.
4. The method of claim 1, wherein determining from the URL whether to execute the simulated click operation on the page to be detected comprises:
determining whether the URL is in a preset URL whitelist and, if it is not, executing the simulated click operation on the page to be detected.
5. The method of any one of claims 1 to 4, wherein the at least one result further comprises whether the HTTP response message includes page nesting header information.
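The checks of claims 1 to 5 (and the matching processing-module behaviour described above) worked through as an added Python example; this is not the patent's or the applicant's code. The whitelist hosts, the set of methods treated as "changing back-end data", the frame-busting regular expression and the sample request/response pairs are all constructed assumptions. It goes slightly beyond the claim text in two places a scanner author would care about: a Content-Security-Policy-Report-Only header is ignored because it is not enforced, and an X-Frame-Options value of ALLOW-FROM is not counted as protection because current browsers do not honour it.

```python
"""Clickjacking verdict for one simulated-click exchange (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

Headers = List[Tuple[str, str]]

# Hypothetical whitelist of hosts that are never click-simulated (claim 4).
URL_WHITELIST = frozenset({"static.example.com", "cdn.example.com"})

# Methods treated as "changing back-end data" (claim 3). The patent does not
# define the set; this is the usual HTTP safe/unsafe split (assumption).
STATE_CHANGING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})

# Heuristic for legacy frame-busting JavaScript in the body (claim 2): matches
# comparisons such as `top != self` or `window.top !== window.self` and
# assignments such as `top.location = self.location`.
ANTI_HIJACK_RE = re.compile(
    r"(?:window\.)?(?:top|self)(?:\.location(?:\.href)?)?\s*"
    r"(?:[!=]==?|=)\s*(?:window\.)?(?:top|self)(?:\.location(?:\.href)?)?",
    re.IGNORECASE,
)


@dataclass
class Verdict:
    scanned: bool                  # False when the URL/request was filtered out
    csp_nesting: Optional[str]     # "none" | "self" | "sites" | None (absent)
    nesting_header: Optional[str]  # raw X-Frame-Options value, if any
    anti_hijack_code: bool         # frame-busting code found in the body
    vulnerable: bool


def header_values(headers: Headers, name: str) -> Iterable[str]:
    """Case-insensitive lookup returning every value of a repeated header."""
    return (v for n, v in headers if n.lower() == name.lower())


def should_simulate_click(url: str) -> bool:
    """Claim 4: skip pages whose host is on the whitelist."""
    return (urlsplit(url).hostname or "").lower() not in URL_WHITELIST


def is_sensitive_request(method: str, req_headers: Headers) -> bool:
    """Claim 3: only state-changing requests that carry login state count."""
    has_login_state = any(n.lower() in ("cookie", "authorization") for n, _ in req_headers)
    return method.upper() in STATE_CHANGING_METHODS and has_login_state


def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def nesting_policy(sources: List[str]) -> Optional[str]:
    """Map frame-ancestors sources onto the three values named in claim 1."""
    low = [s.lower() for s in sources]
    if "'none'" in low:
        return "none"                     # cannot be nested
    if low == ["'self'"]:
        return "self"                     # nestable only by its own site
    return "sites" if low else None       # explicit list of allowed sites


def detect(url: str, method: str, req_headers: Headers,
           resp_headers: Headers, body: str) -> Verdict:
    """Gate on URL and request, then evaluate the response (claims 1, 2, 5)."""
    if not should_simulate_click(url) or not is_sensitive_request(method, req_headers):
        return Verdict(False, None, None, False, False)
    # Only the enforcing CSP header is consulted; Report-Only never blocks framing.
    csp_nesting = None
    for value in header_values(resp_headers, "Content-Security-Policy"):
        sources = frame_ancestors(value)
        if sources is not None:
            csp_nesting = nesting_policy(sources)
            break
    xfo = next(iter(header_values(resp_headers, "X-Frame-Options")), None)
    # ALLOW-FROM is not honoured by current browsers: only DENY/SAMEORIGIN protect.
    xfo_protects = xfo is not None and xfo.strip().upper() in ("DENY", "SAMEORIGIN")
    code = ANTI_HIJACK_RE.search(body) is not None
    vulnerable = csp_nesting is None and not xfo_protects and not code
    return Verdict(True, csp_nesting, xfo, code, vulnerable)


# Constructed sample exchanges (not captured traffic).
_BASE = dict(url="https://bank.example/transfer", method="POST",
             req_headers=[("Cookie", "session=abc123")])
_PAGE = "<html><body>transferred</body></html>"
SAMPLES = {
    "csp_none": dict(_BASE, resp_headers=[
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")], body=_PAGE),
    "frame_busting_only": dict(_BASE, resp_headers=[("Content-Type", "text/html")],
        body="<script>if (top != self) { top.location = self.location; }</script>"),
    "report_only": dict(_BASE, resp_headers=[
        ("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")], body=_PAGE),
    "allow_from_only": dict(_BASE, resp_headers=[
        ("X-Frame-Options", "ALLOW-FROM https://partner.example")], body=_PAGE),
    "unprotected": dict(_BASE, resp_headers=[], body=_PAGE),
    "whitelisted": dict(_BASE, url="https://static.example.com/app.js",
                        resp_headers=[], body="var x = 1;"),
    "read_only_get": dict(_BASE, method="GET", resp_headers=[], body=_PAGE),
}


def run_samples() -> dict:
    """Sample name -> Verdict, for every constructed exchange above."""
    return {name: detect(**kw) for name, kw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:20s} {verdict}")
```

Run it directly to print one verdict per sample. Of the three signals, the regular-expression match on the body is the weakest: frame-busting script can be neutralised from the framing page (for example by an iframe sandbox that disallows top navigation), so a body-only match is worth reporting at lower confidence than a frame-ancestors or X-Frame-Options header.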
6. A click hijacking vulnerability detection device, characterized by comprising:
an acquisition module, configured to acquire a Uniform Resource Locator (URL) of a page to be detected and to determine from the URL whether to execute a simulated click operation on the page to be detected;
a processing module, configured to acquire a hypertext transfer protocol (HTTP) response message returned in response to the simulated click operation if it is determined that the simulated click operation is to be executed on the page to be detected, and to determine whether the page to be detected has a click hijacking vulnerability according to at least one result obtained from the HTTP response message, the at least one result comprising whether the HTTP response message contains a page nesting attribute of a content security policy (CSP), or whether the HTTP response message contains preset anti-hijack code that prohibits the page to be detected from being loaded in an iframe;
wherein the value of the page nesting attribute of the CSP indicates one of the following: that the page to be detected cannot be nested; that the page to be detected can be nested only by its own site; or the sites by which the page to be detected may be nested.
7. The device of claim 6, wherein the HTTP response message includes an HTTP resource portion, and the processing module is specifically configured to:
determine whether the HTTP response message contains the preset anti-hijack code by:
matching the HTTP resource portion against a preset regular expression, and determining from the result of the matching whether the HTTP response message contains the preset anti-hijack code.
8. The device of claim 6, wherein the processing module is specifically configured to:
acquire the HTTP response message returned in response to the simulated click operation if the HTTP request corresponding to the simulated click operation is a request that changes back-end data of the page to be detected and the HTTP request contains login state information.
9. The device of claim 6, wherein the processing module is specifically configured to:
determine whether the URL is in a preset URL whitelist and, if it is not, execute the simulated click operation on the page to be detected.
10. The device of any one of claims 6 to 9, wherein the at least one result further comprises whether the HTTP response message includes page nesting header information.
11. A computer device, characterized in that it comprises a processor and a memory, wherein the memory stores a program or instructions which, when executed by the processor, cause the computer device to perform the method of any one of claims 1 to 5.
12. A storage medium comprising computer instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 5.
CN201910540302.0A 2019-06-21 2019-06-21 Click hijacking vulnerability detection method and device and computer equipment Active CN110278207B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910540302.0A CN110278207B (en) 2019-06-21 2019-06-21 Click hijacking vulnerability detection method and device and computer equipment
PCT/CN2020/085723 WO2020253351A1 (en) 2019-06-21 2020-04-20 Click hijacking vulnerability detection method, device and computer apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910540302.0A CN110278207B (en) 2019-06-21 2019-06-21 Click hijacking vulnerability detection method and device and computer equipment

Publications (2)

Publication Number Publication Date
CN110278207A CN110278207A (en) 2019-09-24
CN110278207B true CN110278207B (en) 2023-04-07

Family

ID=67961260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910540302.0A Active CN110278207B (en) 2019-06-21 2019-06-21 Click hijacking vulnerability detection method and device and computer equipment

Country Status (2)

Country Link
CN (1) CN110278207B (en)
WO (1) WO2020253351A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110278207B (en) * 2019-06-21 2023-04-07 深圳前海微众银行股份有限公司 Click hijacking vulnerability detection method and device and computer equipment
CN111130993B (en) * 2019-11-22 2022-03-29 北京知道创宇信息技术股份有限公司 Information extraction method and device and readable storage medium
CN113158187B (en) * 2021-03-26 2022-12-23 杭州数梦工场科技有限公司 Method and device for detecting click hijacking and electronic equipment
CN113162937A (en) * 2021-04-25 2021-07-23 中国工商银行股份有限公司 Application safety automatic detection method, system, electronic equipment and storage medium
CN114090676A (en) * 2021-11-30 2022-02-25 上海通联金融服务有限公司 Method for realizing field in JSON message of filtering interface
CN114884730B (en) * 2022-05-07 2023-12-29 深信服科技股份有限公司 Request detection method, device, equipment and readable storage medium
CN115695050B (en) * 2022-12-31 2023-04-07 北京仁科互动网络技术有限公司 Method and device for preventing click hijacking attack, electronic equipment and storage medium
CN116644250B (en) * 2023-07-27 2023-10-20 太平金融科技服务(上海)有限公司 Page detection method, page detection device, computer equipment and storage medium

Citations (3)

Publication number Priority date Publication date Assignee Title
CN104486140A (en) * 2014-11-28 2015-04-01 华北电力大学 Device and method for detecting hijacking of web page
CN105245518A (en) * 2015-09-30 2016-01-13 小米科技有限责任公司 Website hijacking detection method and device
CN107819639A (en) * 2016-09-14 2018-03-20 西门子公司 A kind of method of testing and device

Family Cites Families (6)

Publication number Priority date Publication date Assignee Title
US8856869B1 (en) * 2009-06-22 2014-10-07 NexWavSec Software Inc. Enforcement of same origin policy for sensitive data
US9015844B1 (en) * 2012-06-25 2015-04-21 Symantec Corporation Techniques for web application vulnerability scanning
CN104767747A (en) * 2015-03-30 2015-07-08 微梦创科网络科技(中国)有限公司 Click jacking safety detection method and device
CN107968769A (en) * 2016-10-19 2018-04-27 中兴通讯股份有限公司 Webpage security detection method and device
CN109672658B (en) * 2018-09-25 2022-01-21 平安科技(深圳)有限公司 JSON hijacking vulnerability detection method, device, equipment and storage medium
CN110278207B (en) * 2019-06-21 2023-04-07 深圳前海微众银行股份有限公司 Click hijacking vulnerability detection method and device and computer equipment

Also Published As

Publication number Publication date
CN110278207A (en) 2019-09-24
WO2020253351A1 (en) 2020-12-24

Similar Documents

Publication Publication Date Title
CN110278207B (en) Click hijacking vulnerability detection method and device and computer equipment
US7194685B2 (en) Method and apparatus for tracking usage of online help systems
CN103279710B (en) Method and system for detecting malicious codes of Internet information system
US10055590B2 (en) Rule matching in the presence of languages with no types or as an adjunct to current analyses for security vulnerability analysis
US20180025503A1 (en) Visual regression testing tool
CN105868096B (en) For showing the method, device and equipment of web page test result in a browser
US20130111594A1 (en) Detection of dom-based cross-site scripting vulnerabilities
WO2016113663A1 (en) Rasp for scripting languages
US20140129878A1 (en) Indicating coverage of web application testing
CN108459954B (en) Application program vulnerability detection method and device
CN101964025A (en) XSS (Cross Site Scripting) detection method and device
CN106055980A (en) Rule-based JavaScript security testing method
US20170371888A1 (en) Method for advertisement interception in dual-kernel browser and browser apparatus
EP3547121B1 (en) Combining device, combining method and combining program
CN111737692B (en) Application program risk detection method and device, equipment and storage medium
CN102664925B (en) A kind of method of displaying searching result and device
CN106844486A (en) Crawl the method and device of dynamic web page
Choudhary et al. A cross-browser web application testing tool
CN112637361A (en) Page proxy method, device, electronic equipment and storage medium
US20160034378A1 (en) Method and system for testing page link addresses
KR20100069147A (en) Method and apparatus for testing quality of website
CN103581321B (en) A kind of creation method of refer chains, device and safety detection method and client
CN110874475A (en) Vulnerability mining method, vulnerability mining platform and computer readable storage medium
CN111125704B (en) Webpage Trojan horse recognition method and system
US9396170B2 (en) Hyperlink data presentation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant